1、使用数据库访问客户端以 root 用户身份连接到数据库服务器:
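# Note: -p without a value makes the client prompt for the root password, which keeps it out of shell history and the process list.
# mysql -uroot -p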
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

2、创建 neutron 数据库
MariaDB [(none)]> CREATE DATABASE neutron default character set utf8;

3、创建并授予 neutron 用户完全操作 neutron 库权限
-- NEUTRON_DBPASS is a placeholder; substitute the real password for the neutron database account.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
  
-- '%' matches every client host, so this account can log in from any machine that reaches the database port.
-- NOTE(review): a narrower host pattern covering only the management network would limit that; confirm which hosts need access.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
  
4、创建 neutron 用户
交互式:
# openstack user create --domain default --password-prompt neutron

非交互式(密码会留在 shell 历史记录和进程列表中,仅建议在测试环境使用):
# openstack user create --domain default --password=neutron neutron

5、将 admin 角色添加到 neutron 用户和 service 项目
#openstack role add --project service --user neutron admin

6、创建 neutron 服务实体
# openstack service create --name neutron \
  --description "OpenStack Networking" network

7、创建网络服务API端点
# openstack endpoint create --region RegionOne \
  network public http://controller:9696
  
# openstack endpoint create --region RegionOne \
  network internal http://controller:9696
  
# openstack endpoint create --region RegionOne \
  network admin http://controller:9696
  
8、选择自定义网络:Open vSwitch(网络设备Linux Bridge与Open vSwitch的区别)
# yum install openstack-neutron openstack-neutron-ml2 openvswitch openstack-neutron-openvswitch ebtables -y

9、修改配置文件/etc/neutron/neutron.conf
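# Note: the redirect creates neutron.conf with the shell's default mode (typically 0644, depending on umask).
# chmod 640 keeps the database, RabbitMQ and Keystone passwords written into it readable only by root and the neutron group.
# cd /etc/neutron/ && mv neutron.conf neutron.conf.source && grep -Ev "^#|^$" neutron.conf.source > neutron.conf && chown root:neutron neutron.conf && chmod 640 neutron.conf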
# vi /etc/neutron/neutron.conf
在 [database] “配置数据库访问”部分中
[database]
# ...
# NEUTRON_DBPASS is a placeholder: use the password given to the 'neutron' database account in the GRANT statements.
# The password is stored in clear text, so this file should not be readable by other local users.
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

在【DEFAULT】部分,启用模块化第二层(ML2)插件、路由器服务和重叠的IP地址
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

在【DEFAULT】部分中,配置RabbitMQ消息队列访问
[DEFAULT]
# ...
# Form: rabbit://USER:PASSWORD@HOST. This sample uses 'openstack' as both the RabbitMQ user and its password;
# replace the password with the one actually set for that RabbitMQ account.
transport_url = rabbit://openstack:openstack@controller

在【DEFAULT】和【keystone_authtoken】部分中,配置身份服务访问权限
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
# Both identity URLs use plain http, so tokens and the service password below travel unencrypted.
# NOTE(review): use https here if the identity endpoint is served over TLS; confirm for the deployment.
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# Must match the password given to the neutron user in `openstack user create`. The sample value
# equals the user name, so replace it with a strong password in both places.
password = neutron

在【DEFAULT】和【nova】部分中,配置网络以通知Compute网络拓扑更改
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
# Password of the nova service user, stored in clear text; the sample value equals the user name.
# NOTE(review): the nova user is created outside this page; keep this value in step with that password.
password = nova

在【oslo_concurrency】部分,配置锁路径
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

10、修改配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
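# Note: the redirect creates ml2_conf.ini with the shell's default mode; chmod 640 keeps it from being world-readable.
# cd /etc/neutron/plugins/ml2 && mv ml2_conf.ini ml2_conf.ini.source && grep -Ev "^#|^$" ml2_conf.ini.source > ml2_conf.ini && chown root:neutron ml2_conf.ini && chmod 640 ml2_conf.ini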
# vi /etc/neutron/plugins/ml2/ml2_conf.ini
在【ml2】部分中,启用平面(flat)和VXLAN网络
[ml2]
# ...
type_drivers = flat,vxlan

在【ml2】部分中,启用VXLAN自助服务网络
[ml2]
# ...
tenant_network_types = vxlan

在[ml2]部分中,启用ovs
[ml2]
# ...
mechanism_drivers = openvswitch,l2population

在【ml2】部分中,启用端口安全扩展驱动程序
[ml2]
# ...
extension_drivers = port_security


在【ml2_type_flat】部分中,设置flat网络的名称
[ml2_type_flat]
flat_networks = ph01

在【ml2_type_vxlan】部分中,为自助服务网络配置VXLAN网络标识符范围
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

在【securitygroup】部分中,启用ipset以提高安全组规则的效率
[securitygroup]
# ...
enable_ipset = true

11、修改配置文件/etc/neutron/plugins/ml2/openvswitch_agent.ini
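# Note: the redirect creates openvswitch_agent.ini with the shell's default mode; chmod 640 keeps it from being world-readable.
# cd /etc/neutron/plugins/ml2 && mv openvswitch_agent.ini openvswitch_agent.ini.source && grep -Ev "^#|^$" openvswitch_agent.ini.source > openvswitch_agent.ini && chown root:neutron openvswitch_agent.ini && chmod 640 openvswitch_agent.ini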
# vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
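[DEFAULT]

[agent]
tunnel_types = vxlan
l2_population = True

[ovs]
# Maps the flat network name ph01 to the bridge br-ex.
bridge_mappings = ph01:br-ex
tunnel_bridge = br-tun
# IP address of this host's second NIC.
# The comment is on its own line because everything after "=" is read as the value,
# so a trailing "#..." on the same line would become part of the address.
local_ip = 172.16.10.100
#bridge_mappings =

[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true

[xenapi]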

12、修改配置文件 /etc/neutron/l3_agent.ini 
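# Note: the redirect creates l3_agent.ini with the shell's default mode; chmod 640 keeps it from being world-readable.
# cd /etc/neutron/ && mv l3_agent.ini l3_agent.ini.source && grep -Ev "^#|^$" l3_agent.ini.source > l3_agent.ini && chown root:neutron l3_agent.ini && chmod 640 l3_agent.ini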
# vi /etc/neutron/l3_agent.ini
在[DEFAULT]部分,配置openvswitch接口驱动和外部网络网桥
[DEFAULT]
interface_driver = openvswitch
external_network_bridge = br-ex
 
[agent]
 
[ovs]

13、修改配置文件/etc/neutron/dhcp_agent.ini
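# Note: the redirect creates dhcp_agent.ini with the shell's default mode; chmod 640 keeps it from being world-readable.
# cd /etc/neutron/ && mv dhcp_agent.ini dhcp_agent.ini.source && grep -Ev "^#|^$" dhcp_agent.ini.source > dhcp_agent.ini && chown root:neutron dhcp_agent.ini && chmod 640 dhcp_agent.ini
# vi /etc/neutron/dhcp_agent.ini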
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
 
[agent]
 
[ovs]

14、修改配置文件/etc/neutron/metadata_agent.ini,配置元数据
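# Note: the redirect creates metadata_agent.ini with the shell's default mode (typically 0644, depending on umask).
# chmod 640 keeps the metadata proxy shared secret stored in it readable only by root and the neutron group.
# cd /etc/neutron/ && mv metadata_agent.ini metadata_agent.ini.source && grep -Ev "^#|^$" metadata_agent.ini.source > metadata_agent.ini && chown root:neutron metadata_agent.ini && chmod 640 metadata_agent.ini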
# vi /etc/neutron/metadata_agent.ini
在[DEFAULT]部分,配置元数据主机和共享密钥
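[DEFAULT]
# ...
nova_metadata_host = controller
# Shared secret for the metadata proxy. It must be identical to metadata_proxy_shared_secret
# in the [neutron] section of /etc/nova/nova.conf. "openstacklinux" is a sample value:
# replace it with a random string in both files.
# The comment is on its own line because everything after "=" is read as the value,
# so a trailing "#..." would become part of the secret and no longer match nova.conf.
metadata_proxy_shared_secret = openstacklinux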

15、修改配置文件/etc/nova/nova.conf
# vi /etc/nova/nova.conf
在【neutron】部分中,配置访问参数,启用元数据代理,并配置密钥
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
# Same neutron service-user password as in [keystone_authtoken] of /etc/neutron/neutron.conf.
# The sample value equals the user name; replace it wherever it is set.
password = neutron
service_metadata_proxy = true
# Must be identical to metadata_proxy_shared_secret in /etc/neutron/metadata_agent.ini.
# "openstacklinux" is a sample value; use a random string in both files.
metadata_proxy_shared_secret = openstacklinux

16、Networking服务初始化脚本需要符号链接/etc/neutron/plugin.ini指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini。如果这个符号链接不存在,请使用下面的命令创建它
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

17、同步neutron数据库
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  
18、重新启动compute-api服务
# systemctl restart openstack-nova-api.service

19、启动neutron各服务并设置为开机自启动
# systemctl enable neutron-server.service neutron-dhcp-agent.service openvswitch neutron-openvswitch-agent neutron-metadata-agent.service
# systemctl start neutron-server.service neutron-dhcp-agent.service openvswitch neutron-openvswitch-agent neutron-metadata-agent.service

20、其他
查看所有网桥
ovs-vsctl show

创建br-ex网桥
ovs-vsctl add-br br-ex
 
绑定第三块网卡(第三块网卡不要获取IP,设置为none)
ovs-vsctl add-port br-ex ens35
 
启用第三层服务并设置开机自启(路由)
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service    

查看服务状态
# openstack network agent list
# neutron agent-list

 

控制节点neutron.conf

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:openstack@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[cors]

[database]

connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = neutron

[nova]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = nova

 

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

[oslo_messaging_amqp]

[oslo_messaging_kafka]

[oslo_messaging_notifications]

[oslo_messaging_rabbit]

[oslo_middleware]

[oslo_policy]

[privsep]

[ssl]

 

ml2_conf.ini

[DEFAULT]

[ml2_type_flat]
flat_networks = ph01

[ml2]
type_drivers = flat,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

 

openvswitch_agent.ini

[DEFAULT]

[agent]
tunnel_types = vxlan
l2_population = True

[ovs]
bridge_mappings = ph01:br-ex
tunnel_bridge = br-tun
local_ip = 172.16.10.100
#bridge_mappings =

[securitygroup]
firewall_driver = iptables_hybrid
enable_security_group = true

[xenapi]

 

l3_agent.ini

[DEFAULT]
interface_driver = openvswitch
external_network_bridge = br-ex

[agent]

[ovs]

 

dhcp_agent.ini

[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

[agent]

[ovs]

 

metadata_agent.ini

[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = openstacklinux
[cache]

 

nova.conf增加了neutron部分

[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstacklinux